Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 21 Sep 2009 10:10:14 +0400
From: Solar Designer <>
Subject: [openwall-announce] JtR and new JtR patches; crypt_blowfish, phpass updates


This is to announce several somewhat-related news items at once.  Some
of these appeared on the Openwall website earlier:

1. I've released John the Ripper, along with an update of the
jumbo patch to this new version.  Besides adding proper links to these
new releases, I've also revised the JtR homepage to make it more focused
on the currently relevant stuff:

The changes made since are intended primarily for use by
packagers of JtR, such as for *BSD "ports" and Linux distributions:

Since version has existed for a year and proved to be reliable,
and since the changes between and are so minor,
is being declared the new "stable" release.

2. We have sort of a stable version of the jumbo patch now.  The
previous update, to version, was bugfix-only, and the new
update to was just that, a mere update.

I recommend everyone packaging JtR to update to (and include
running "make check" with its exit code check on your package build)
and, if you have been including the jumbo patch, update that to the
newly released version as well.

3. Erik Winkler has contributed Win32 and Mac OS X builds of John the
Ripper with revision 6 of the jumbo patch.  These are now found
on the contributed resources list on the John the Ripper homepage:

4. Many unofficial John the Ripper patches have been developed lately,
including JimF's generic MD5-based hash support stuff found on the wiki,
and my generic crypt(3) support patch intended primarily as an interim
solution for cracking the new glibc/Fedora/Ubuntu "SHA-crypt" hashes.

JimF's contributions:

My generic crypt(3) support patch:

also available as john- in the FTP
contrib directory:

Sorry, I haven't gotten around to integrating any of these into the
jumbo patch yet (and it is not certain that all are suitable for that).

5. I've released minor updates of our password hashing frameworks,
crypt_blowfish 1.0.3 (C/C++) and phpass 0.2 (PHP).  Additionally,
Dmitry V. Levin has developed a patch integrating crypt_blowfish into
glibc 2.10.1, now linked from the crypt_blowfish homepage.  (Previously,
only patches for older versions of glibc were available.)

That's all for now as it relates to our password security stuff. :-)


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.